Module 1


Give the formal definition of cybercrime. Give some examples of cybercrime that occur in daily life / What is cybercrime? How do you define it?


• Forester and Morrison (1994) defined a computer crime as: a criminal act in which a computer is used as the principal tool.

• This was the preliminary definition.

• We can define a (genuine) cybercrime as: a crime in which the criminal act can be carried out only through the use of cyber-technology and can take place only in the cyber realm. (Tavani, 2000)

• Cybercrime can also be defined as any illegal act where special knowledge of computer technology is essential for its perpetration, investigation or prosecution.

• It is a crime in which a computer was directly and significantly instrumental.

• It is any traditional crime that has acquired a new dimension or order of magnitude through the aid of computers.


Some of the cybercrimes that occur in daily life are:

Phishing Scams

• A phishing campaign is when spam emails, or other forms of communication, are sent with the intention of tricking recipients into doing something that undermines their security.

• Example: a fake email purporting to come from eBay which asks you to update your credit card information.


DoS Attack

• Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected IoT (Internet of Things) devices are used to launch DDoS attacks.

• Example: the February 2020 attack reported by AWS; at its peak this attack saw incoming traffic of 2.3 terabits per second.


Ransomware

• Ransomware is a specific type of malware that gains control of your system and blocks access to your files.

• It can infect your computer from an email attachment or through a malicious website.

• Upon infection, a ‘ransom note’ pops up, offering to restore your system back to normal in exchange for compensation.

• Example: the WannaCry attack, which at the time was the biggest ransomware attack ever. It hit in early 2017 in over 150 countries and over 200,000 organisations.


Man in the Middle

• A man in the middle attack is where a cybercriminal intercepts your data or information while it is being sent from one location to another (e.g. from a communications system to a server).

• Example: In 2017, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. It was found that the attackers were intercepting data, in the form of a man in the middle attack, as users accessed their accounts.


Who are cybercriminals? / What are different types of criminals 
and what can be several motives behind the crime? 


• Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data, and generating profit.

• Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade malicious goods and services, such as hacking tools and stolen data.
• Laws related to cybercrime continue to evolve across various countries worldwide.

Motives cybercriminals may have behind cybercrimes are:
• Greed for money
• Desire to gain power
• Desire for revenge
• Sense of adventure
• Psychological perversion

At least three categories of typical computer criminals are:
• (Amateur) Teenage hackers:
  ○ Little thought and relatively no planning of
    ▪ How the offence will be committed
    ▪ How the offender will escape once the offence has been committed
    ▪ What to do with the weapons/tools used in the offence
  ○ In addition, amateur criminals will often live in close proximity to where the offence takes place.
  ○ Many drug and alcohol related crimes are committed from within this group, as well as ‘crimes of passion’.
  ○ The criminal is mostly aware of the basic information required about the victim.
• Professional criminals
  ○ Professional criminals are people who commit crimes and treat it as a profession.
  ○ It is a job or a self-owned business.
  ○ There are far fewer professionals than there are amateurs.
  ○ Example: black hat hackers.
• Insiders
  ○ Loyal employees who are unable to resist a criminal opportunity presented by cyber-technology.
Types of Cyber Criminals:
• Cyber criminals hungry for recognition
  ○ Hobby hackers
  ○ I.T. professionals
  ○ Politically motivated hackers
  ○ Terrorist organisations
• Cyber criminals not interested in recognition
  ○ Psychological perverts
  ○ Financially motivated hackers
  ○ State-sponsored hacking
  ○ Organised criminals
• Cyber criminals: the insiders
  ○ Disgruntled or former employees seeking revenge
  ○ Competing companies using employees to gain economic advantage


Classification of Cybercrimes / Types of Cyber Crimes with their 
classifications. 


[Attached image: classification of cybercrimes; the image itself is not included in the page]


What is meant by "insider threat"? How does it affect an 
organisation? 


• An insider threat can happen when someone close to an organisation with authorised access misuses that access to negatively impact the organisation’s critical information or systems.

• An insider is a current or former employee, contractor, or business partner who has or had authorised access to the organisation’s network, systems, or data. Examples of an insider may include:
  ○ A person given a badge or access device.
  ○ A person whom the organisation supplied a computer or network access.
  ○ A person who develops products and services.
  ○ A person who is knowledgeable about the organisation’s fundamentals.
  ○ A person with access to protected information.


• An insider threat is any employee, vendor, executive, contractor, or other person who works directly with an organisation.

• A malicious insider is one that misuses data for the purpose of harming the organisation intentionally.

• Malicious insiders are harder to detect than external threats because they know that they must hide their tracks and steal or harm data without being caught.

• They are also harder to detect because they often have legitimate access to data for their job functions.

• A malicious insider can be any employee or contractor, but usually they have high-privilege access to data.

• For example, a software engineer might have database access to customer information and steal it to sell to a competitor.

• This activity would be difficult to detect since the software engineer has legitimate access to the database.

• Every organisation is at risk of insider threats, but specific industries obtain and store more sensitive data.

• These organisations are more at risk of hefty fines and significant brand damage after theft.

• What makes insider threats unique is that it’s not always money driven for the attacker. In some cases, the attacker is a disgruntled employee who wants to harm the corporation, and that’s their entire motivation.

• There are four types of insider threats. They aren’t always malicious, but they can still have a devastating impact on revenue and brand reputation.

• The malicious types of insider threats are:
  ○ Sabotage: the insider threat goal is to damage a system or destroy data.
  ○ Fraud: when theft or changes to data are meant for deception, the attacker’s goal is fraudulent and likely for the purpose of causing corporate disruption.
  ○ Theft of intellectual property: any proprietary information is valuable to an organisation, and an attacker aiming to steal it could create long-term monetary damage.
  ○ Espionage: any sensitive trade secrets, files, and data are vulnerable to espionage if an attacker steals them to sell to competitors.
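The notes say the engineer's bulk export is hard to detect because the access itself is legitimate. The usual defender's answer is to baseline each user's own behaviour and flag deviations rather than the access as such. The following Python is an added example, not part of the original notes: it runs over a constructed database audit log (the log format, user names and row counts are all invented for illustration) and flags a query whose row count is far above that user's median, or that runs outside business hours.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample database audit log (not from the page). Each line is one query
# recorded by the database's audit facility: who ran it, against which table, how many rows.
AUDIT_LOG = """\
2024-03-04T10:12:03 user=eng_alice table=customers action=SELECT rows=120
2024-03-04T11:40:51 user=eng_alice table=customers action=SELECT rows=85
2024-03-05T09:02:17 user=eng_alice table=customers action=SELECT rows=210
2024-03-05T14:30:00 user=eng_alice table=orders action=SELECT rows=60
2024-03-06T02:47:12 user=eng_alice table=customers action=SELECT rows=48000
2024-03-04T10:05:00 user=analyst_bob table=orders action=SELECT rows=3000
2024-03-05T10:07:00 user=analyst_bob table=orders action=SELECT rows=3200
2024-03-06T10:09:00 user=analyst_bob table=orders action=SELECT rows=2900
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) table=(?P<table>\S+) "
    r"action=(?P<action>\S+) rows=(?P<rows>\d+)$"
)


def parse_audit_log(text):
    """Parse audit lines into dicts; malformed lines are skipped rather than crashing the job."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["rows"] = int(ev["rows"])
        events.append(ev)
    return events


def flag_suspicious_access(events, ratio=10, business_hours=range(8, 19)):
    """Flag queries whose row volume is far above the user's own baseline or that run off-hours.

    The baseline is the median of the user's row counts: an engineer who normally reads a few
    hundred customer rows establishes a small median, so a single export of the whole table
    stands out even though the user is fully authorised to query that table.
    """
    per_user_rows = defaultdict(list)
    for ev in events:
        per_user_rows[ev["user"]].append(ev["rows"])
    baselines = {user: median(rows) for user, rows in per_user_rows.items()}

    flagged = []
    for ev in events:
        reasons = []
        if ev["rows"] > ratio * baselines[ev["user"]]:
            reasons.append("volume")       # far more rows than this user's normal queries
        if ev["ts"].hour not in business_hours:
            reasons.append("off_hours")    # activity outside the working day
        if reasons:
            flagged.append((ev["user"], ev["ts"].isoformat(), ev["table"], ev["rows"], reasons))
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious_access(parse_audit_log(AUDIT_LOG)):
        print(hit)
```

The median is used rather than the mean so that the one bulk export does not drag the user's own baseline up and hide itself; in a real deployment the baseline would be computed from a trailing window of history and the thresholds tuned per role.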


How to Prevent Cyber Crimes?

• Back up all data and systems: this enables data stored earlier to assist businesses in recovering from an unplanned event.

• Enforce concrete security and keep it up to date: choose a firewall with features that protect against malicious hackers, malware, and viruses. This enables businesses to identify and respond to threats more quickly.

• Never give out personal information to a stranger: they can use the information to commit fraud.

• Check security settings to prevent cybercrime: a firewall checks your network settings and can show whether anyone has logged into your computer.

• Use antivirus software: antivirus software helps to recognise any threat or malware before it infects the computer system. Never use cracked software, as it may impose the serious risk of data loss or a malware attack.

• Keep your information secure when visiting unauthorised websites: phishing websites can easily capture the data you enter.

• Use virtual private networks (VPNs): VPNs enable us to hide our IP addresses.

• Restrict access to your most valuable data: where possible, keep confidential documents in a folder that no one else can see.


Some common terms: 


Cybersquatting: Cybersquatting is registering, selling or using a domain name with the intent of profiting from the goodwill of someone else's trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses.

Cyberterrorism: Cyberterrorism is planned activity committed in cyberspace via computer networks. It includes the use of e-mail for communication among co-conspirators, to exchange records for use in violent activities, as well as recruiting members of terrorist organisations through internet sites. This causes fear and terror in society.

Cyberpunk: The dictionary meaning of punk is a teenager or young adult who performs aggressive or violent crime. A young aggressive adult using cyberspace for performing cybercrime is a cyberpunk.

Cyberwarfare: It is a computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organisations or nation-states, especially for strategic or military purposes and cyber espionage.

Although cyberwarfare generally refers to cyber attacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. Cyberwarfare can take many forms.


Hackers
• Computer criminals are often referred to as hackers.
• "Hacker" originally applied to anyone who "programmed enthusiastically".
• A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system.
• Hackers are most often programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages.
• They might discover loopholes within systems and the reasons for such holes.
• Hackers constantly seek further knowledge, freely share what they have discovered, and never intentionally damage data.


The expressions white hat and black hat are used to distinguish between the two types of hacking behaviour. “White hat hackers” refers to “innocent” or non-malicious forms of hacking, while “black hat hackers” refers roughly to what we described above as “cracking”.

White hat                         | Black hat
----------------------------------|----------------------------------
Lots of knowledge and experience  | Lots of knowledge and experience
Good guy                          | Bad guy
Strong ethics                     | Poor ethics
No crime                          | Commits crime
Fights criminals                  | Is the criminal

• A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security.


• A grey hat hacker is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent of a black hat hacker.

• Black hat hackers break into secure networks to destroy, modify, or steal data, or to make the networks unusable for authorised network users.

• A phreaker is one who gains illegal access to telephone systems. Phreakers are considered the original computer hackers; they are those who break into the telephone network illegally, typically to make free long distance phone calls or to tap phone lines.


Module 2 
Phases of attack / How do criminals plan the attack?
1. Reconnaissance:
• It is the act of gathering information about the victim.
• It involves accumulating data about the target's environment.
• The objective of the phase is to understand the system, its networking ports and services, and other aspects of its security that are needed to launch the attack.

2. Scanning and scrutinising the gathered information
• Scanning is key to examining intelligently while gathering information about the target.
• Objectives of scanning:
  ○ Port scanning: identify open/closed ports and services.
  ○ Network scanning: understand IP addresses and related information about the computer network system.
  ○ Vulnerability scanning: understand the existing weaknesses in the system.
• Scrutinising phase: it is also called enumeration in the hacking world.
• Objectives of scrutinising:
  ○ Identify the valid user accounts or groups.
  ○ Identify network resources and/or shared resources.
  ○ Identify the OS and the different applications that are running on it.

3. Launching the attack
• Usually most attackers spend 90% of their time in scanning, scrutinising and gathering information on a target and 10% of their time in launching the attack.
• Types of attacks that can be done:
  ○ Crack the password
  ○ Exploit the privileges
  ○ Execute the malicious commands/applications
  ○ Hide the files
  ○ Cover the tracks: delete the access logs
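Since attackers spend most of their time in the scanning phase, that phase is also where a defender gets the most warning. The Python below is an added example, not part of the original notes: it runs a sliding-window check over a constructed firewall log (addresses, ports and timestamps are invented for illustration) and reports any source that touches many distinct destination ports within a short window, the signature that port scanning leaves in the logs of the target.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (not from the page): one connection attempt per line.
# 10.0.0.5 probes twelve different ports on one host within 12 seconds (the scanning phase);
# 10.0.0.9 is ordinary traffic that repeatedly uses one service port.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
FIREWALL_LOG = [
    f"2024-03-06T09:00:{i:02d} action=DENY src=10.0.0.5 dst=10.0.1.20 proto=TCP dport={port}"
    for i, port in enumerate(SCAN_PORTS)
] + [
    "2024-03-06T09:00:05 action=ALLOW src=10.0.0.9 dst=10.0.1.20 proto=TCP dport=443",
    "2024-03-06T09:00:30 action=ALLOW src=10.0.0.9 dst=10.0.1.20 proto=TCP dport=443",
    "2024-03-06T09:05:00 action=DENY src=10.0.0.9 dst=10.0.1.20 proto=TCP dport=22",
]


def parse_firewall_line(line):
    """Turn 'ts key=value ...' into a dict with a datetime and an integer port."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.fromisoformat(ts)
    ev["dport"] = int(ev["dport"])
    return ev


def max_distinct_ports(lines, window_seconds=60):
    """For each source IP, the largest number of distinct destination ports seen in any window."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_firewall_line(line)
        by_src[ev["src"]].append(ev)

    result = {}
    window = timedelta(seconds=window_seconds)
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()           # events inside the current window, oldest first
        port_counts = Counter()    # how many in-window events hit each port
        best = 0
        for ev in events:
            recent.append(ev)
            port_counts[ev["dport"]] += 1
            # slide the window: drop events older than window_seconds before this one
            while ev["ts"] - recent[0]["ts"] > window:
                old = recent.popleft()
                port_counts[old["dport"]] -= 1
                if port_counts[old["dport"]] == 0:
                    del port_counts[old["dport"]]
            best = max(best, len(port_counts))
        result[src] = best
    return result


def detect_port_scans(lines, window_seconds=60, min_ports=10):
    """Sources that touched at least min_ports distinct ports within one window."""
    return {src: n for src, n in max_distinct_ports(lines, window_seconds).items() if n >= min_ports}


if __name__ == "__main__":
    print(detect_port_scans(FIREWALL_LOG))   # {'10.0.0.5': 12}
```

Counting distinct ports rather than raw connections is what separates a scan from a busy but legitimate client: 10.0.0.9 makes three connections but only ever one port per window, so it never approaches the threshold.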


Active and passive attacks 


Attached PDF: https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b7ae8a8b-6416-4fd6-bae3-adbie9b1ef3e/active_and_passive_attacks.pdf


Social Engineering 


• Social engineering is the art of exploiting the trust of people, which is not questioned in normal conversation.

• Social engineers study human behaviour and psychology: the desire to be helpful, the attitude to trust, the fear of getting into trouble, etc.

• The idea behind social engineering is that it is easier to trick a person than to break the security.

• People are the weak link in security, and this principle makes social engineering possible.

• A social engineer uses telecommunication or the internet to make the victim do something which is against security practice.

• The goal is to fool someone and get valuable information or unauthorised access.


Classification or types of social engineering:

Human-based social engineering:

• Human-based social engineering involves person-to-person interaction to gain the required information. For example, calling the help desk and trying to find out a password.

• Impersonating a valid user: impersonation is a common social engineering attack. It takes advantage of the helping nature of people. Here the criminal pretends to be a valid user, e.g. asking for help to enter an unauthorised area by saying they forgot their card.

• Calling technical support: help desk and technical support people are trained to help users, so when a person calls technical support for assistance they may be good prey for social engineering attacks.

• Posing as an important user: the attacker poses as a higher authority to gain access to the system. The attacker puts pressure on low-level employees to gain access to the system. The fact is that many low-level employees will not ask any questions of a higher authority.

• Shoulder surfing: shoulder surfing refers to the act of obtaining personal or private information through direct observation. It involves looking over a person's shoulder to gather pertinent information while the victim is unaware. This is especially effective in crowded places where a person uses a computer, smartphone or ATM.

• Using a third person: an attacker can pretend to have permission from the authorised source to use a system when the authorised person is not present and out of reach to contact for verification.


Computer-based social engineering

• Computer-based social engineering involves the attempts made to get the required information by using computer software or the Internet.

• Fake e-mails: the attacker sends fake emails to many users, and the users take the mail to be legitimate. This is also known as phishing. This type of social engineering attack commonly uses emails to trick users into giving up the credentials to their bank accounts or email accounts.

• E-mail attachments: the attacker sends the users an email attachment which contains malicious code. When the user opens the email and clicks on the given link or attachment, the malicious code gets executed.

• Pop-up windows: like email attachments, pop-up windows are used by attackers. The pop-up windows contain special offers or free stuff which attract users into installing the malicious software.
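The fake e-mail described here and the "update your credit card" lure under Phishing Scams in Module 1 share the same tell-tale signs: a display name claiming a brand whose real domain the sender does not use, links that point at a raw IP address or an unrelated host, and pressure language in the subject. The Python below is an added example, not part of the original notes, that parses two constructed messages with the standard library and scores those indicators. The sender domains, the IP address and the trusted-domain list are illustrative assumptions, not data from the page.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not from the page). Domain names and addresses are illustrative
# placeholders; the first imitates the "update your credit card" lure described above.
PHISHING_EMAIL = """\
From: "eBay Billing" <billing@ebay-account-verify.example>
To: customer@example.org
Subject: URGENT: update your credit card information within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your eBay account will be suspended. Please
<a href="http://198.51.100.7/ebay/update">update your payment details</a> now.</p>
</body></html>
"""

LEGITIMATE_EMAIL = """\
From: "eBay" <noreply@ebay.com>
To: customer@example.org
Subject: Your monthly summary
Content-Type: text/html; charset=utf-8

<html><body><p>See <a href="https://www.ebay.com/help">the help centre</a>.</p></body></html>
"""

URGENCY_PHRASES = ("urgent", "suspended", "within 24 hours", "immediately", "verify your")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def _belongs_to(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw_message, trusted_domains=("ebay.com",)):
    """Return a list of heuristic indicators that a message impersonates one of trusted_domains."""
    msg = email.message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    indicators = []

    # 1. Display name invokes a brand whose real domain the sender does not use.
    for domain in trusted_domains:
        brand = domain.split(".")[0]
        if brand in display_name.lower() and not _belongs_to(sender_domain, domain):
            indicators.append(f"display name '{display_name}' but sender domain '{sender_domain}'")

    # 2. Links that point at a raw IP address or at a host outside the brand's domain.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    for url in re.findall(r'href="([^"]+)"', body):
        host = (urlparse(url).hostname or "").lower()
        if IPV4_RE.match(host):
            indicators.append(f"link to bare IP address {host}")
        elif not any(_belongs_to(host, d) for d in trusted_domains):
            indicators.append(f"link host '{host}' outside trusted domains")

    # 3. Pressure language in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [p for p in URGENCY_PHRASES if p in subject]
    if hits:
        indicators.append("urgency phrases in subject: " + ", ".join(hits))
    return indicators


def is_likely_phishing(raw_message, threshold=2):
    """Simple score: flag when at least `threshold` independent indicators are present."""
    return len(phishing_indicators(raw_message)) >= threshold


if __name__ == "__main__":
    for name, raw in (("suspicious", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        print(name, phishing_indicators(raw))
```

Each heuristic on its own produces false positives (legitimate mail is sometimes urgent), which is why the verdict requires several independent indicators; a production mail filter would add authentication results such as SPF and DKIM alignment, which this example does not model.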


Cyberstalking

• Cyberstalking is stalking that takes place using electronic devices or the Internet.
• It is technological harassment directed towards a specific individual.
• There are several forms of cyberstalking that can take place, including:
  ○ Placing orders for delivery in someone else's name
  ○ Gathering personal information on the victim
  ○ Spreading false rumours
  ○ Threatening harm through email
  ○ Hacking into online accounts
• Cyberstalking can cause extreme distress for the victim.
• It can impact their career, personal relationships, and quality of life.
• Often victims do not know who the perpetrator is and start wondering if they are being watched or followed.
• Types of stalkers
  ○ Online stalkers: online stalkers interact with the victim directly with the help of the internet. The communication media most used by stalkers are email and chat rooms. In online stalking the stalker makes sure that the victim recognises the attack done on him or her. To harass the victim, the stalker makes use of third parties.
  ○ Offline stalkers: in offline stalking the stalker makes use of traditional methods like following the victim, observing the daily routine of the victim, etc. The stalker searches for the victim on message boards, personal websites, people-finding services, and other websites to collect information about the victim.


How does stalking work? Steps for stalking (please use responsibly)

• Gathering personal info of the victim: name, family background, date of birth, contact details like phone number, email address, residential address, etc.
• Establishing contact with the victim through phone, e-mail or social media.
• The stalker starts sending loving messages or threatening or abusive messages. The stalker may use multiple names while contacting the victim.
• The stalker continues sending threatening mails or messages to the victim to get some information or some favour, etc.
• The stalker may post the victim's personal photo and information on a social site or porn website, posing as the victim and saying that the victim provides dating services or is a sex worker. The posts invite people to call the victim for the services, using crude and attractive language.
• Whoever comes across the information starts calling the victim.
• Some stalkers subscribe or register the email account of the victim to unwanted services.


Botnet

The word botnet is derived from the phrase "network of robots". It is essentially a widespread collection of a large number of infected computer systems. Each infected system runs a piece of software called a "bot". This is also known as a zombie network.

Working:

[Figure: a Bot-Master at the top, a layer of Bot-Managers below it, and the bots under each manager]

• As shown in the figure, there is a Bot-Master system which keeps track of the total number of machines infected and the tasks they should perform.
• For carefully arranged systems, which need orchestration between millions of such machines, another layer of Bot-Managers is created too.
• Bot-Managers perform the tasks of accepting commands from the master, spreading those commands out to the bots and also reporting the number of systems infected under their jurisdiction.
• The manager botnets are also found to be sending updated software patches to fix bugs or improve functionality, very similar to a security patch management system.
• The Bot-Master is in the control of the hacker who has evil intentions to create this army.
• However, since the hacker is supposed to be hiding from getting caught, the master systems and the software running on them are always operating in a stealth mode.
• In a few modern botnet attacks, the botmasters were found to delegate and rotate the master's role between its bot-managers, thus making it extremely tough to detect. These role changes were further found to rotate their ownership based on the country of presence, in order to ensure vast infractions across the globe.
• Usually botnets are designed for a specific operating system, and if a wider spread has to be achieved, botnets prefer web code, or the Java language, to infect all the possible operating system platforms.
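The notes describe bots accepting commands from their manager and reporting back. From the defender's side, that polling shows up in outbound connection logs as check-ins at near-constant intervals, even when the master's address rotates and the payload is encrypted. The Python below is an added example, not part of the original notes: it builds a constructed connection log (the addresses, the 300-second period and the jitter values are invented for illustration) and flags source/destination pairs whose inter-connection intervals are too regular to be a person browsing.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed outbound-connection log (not from the page). 10.0.0.5 checks in with 203.0.113.10
# every ~300 s with a little jitter, the way a bot polls its manager for commands; 10.0.0.9's
# connections to 198.51.100.20 are irregular, like a person browsing.
BASE = datetime(2024, 3, 6, 9, 0, 0)
JITTER = [0, 2, -1, 3, 0, -2, 1, 0, 2, -1, 1, 0]
BROWSING_GAPS = [5, 1200, 40, 3, 900, 10, 60, 2, 400, 30, 700]

CONNECTION_LOG = [
    f"{(BASE + timedelta(seconds=300 * i + JITTER[i])).isoformat()} src=10.0.0.5 dst=203.0.113.10 dport=443"
    for i in range(len(JITTER))
]
_t = BASE
for _gap in [0] + BROWSING_GAPS:
    _t += timedelta(seconds=_gap)
    CONNECTION_LOG.append(f"{_t.isoformat()} src=10.0.0.9 dst=198.51.100.20 dport=443")


def parse_connection_line(line):
    """Turn 'ts key=value ...' into a dict with a datetime timestamp."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def beacon_profile(lines):
    """Per (src, dst) pair: number of connections, mean interval and its coefficient of variation."""
    times = defaultdict(list)
    for line in lines:
        ev = parse_connection_line(line)
        times[(ev["src"], ev["dst"])].append(ev["ts"])

    profiles = {}
    for pair, ts_list in times.items():
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) < 2:
            continue   # too few connections to say anything about regularity
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")   # spread relative to the period
        profiles[pair] = {"count": len(ts_list), "period": avg, "cv": cv}
    return profiles


def detect_beacons(lines, min_count=8, max_cv=0.1):
    """Pairs with enough connections at near-constant intervals: candidate bot check-ins."""
    return {
        pair: p for pair, p in beacon_profile(lines).items()
        if p["count"] >= min_count and p["cv"] <= max_cv
    }


if __name__ == "__main__":
    for pair, p in detect_beacons(CONNECTION_LOG).items():
        print(pair, round(p["period"]), round(p["cv"], 3))
```

Both hosts make the same number of connections, so volume alone does not separate them; the coefficient of variation of the intervals does. Legitimate software updaters also poll on a schedule, so in practice hits from this check are triaged against a list of known-good destinations rather than blocked outright.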


How to prevent botnets?

• Stop using all technologies and live like a hermit.
• Internet security suite: good security begins with an internet security suite that detects malware that has been installed, removes what's present on your machine and prevents future attacks.
• Update your computer's operating system: always update your computer's operating system as early as possible. Hackers often utilise known flaws in operating system security to install botnets. You can even set your computer to install updates automatically. The same is true of applications on your computer, phone and tablet. Once weaknesses are found and announced by software companies, hackers rush to create programs to exploit those weaknesses.
• Don't download attachments or click on links: do not download attachments or click on links from e-mail addresses you don't recognise. This is one of the most common vectors for all forms of malware.
• Firewall: use a firewall when browsing the Internet. This is easy to do with Mac computers, as they come with firewall software pre-installed. If you're using a Windows-based machine, you might need to install third-party software.
• Avoid visiting malware websites: don't visit websites that are known distributors of malware. One of the things that a full-service Internet security suite can do is warn you when you're visiting such sites. When in doubt, check with Norton Safe Web.
• Disconnect the system from the Internet when not in use: it is not possible for the attacker to get into your system when the system is disconnected from the internet. Firewall, antivirus, and anti-spyware software are not foolproof mechanisms against access to the system.
• Take urgent action if your system is infected: if you find that your system got infected, immediately disconnect it from the internet. Then scan the system using antivirus software and also change the passwords on your system.


Attack Vector

• An attack vector is a path or means by which an attacker can gain access to a computer or network server to deliver a payload or malicious code.
• Attack vectors enable attackers to exploit system vulnerabilities, including the human element.
• Attack vectors include viruses, e-mail attachments, web pages, pop-up windows, instant messages and chat rooms.
• To some extent, attack vectors can be blocked using firewalls and antivirus. But no method is attack proof.
• List of attack vectors:
  ○ Attack by email.
  ○ Attachment.
  ○ Attack by deception (trick).
  ○ Hackers and crackers.
  ○ Heedless guest (attack by web page): the attacker makes a fake website to extract personal information; such a website looks genuine.
  ○ Attack of the worms.
    a. Many worms are delivered as email attachments.
    b. Worms use holes in network protocols (which provide a list of flaws).
  ○ Malicious macros: MS Word and MS Excel.
  ○ Virus.


Cloud computing

• Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications.
• It hosts services over the internet.
• It helps businesses that cannot afford the same amount of hardware and storage space as a bigger company. Small companies can store their information in the cloud, removing the cost of purchasing and storing memory devices.
• Characteristics:
  ○ It is sold on demand.
  ○ Elastic in terms of usage.
  ○ Service is fully managed by the provider.
• Types of clouds:
  ○ Public cloud: a public cloud can be accessed by any subscriber with an internet connection and access to the cloud space.
  ○ Private cloud: a private cloud is established for a specific group or organisation and limits access to just that group.
  ○ Community cloud: a community cloud is shared among two or more organisations that have similar cloud requirements.
  ○ Hybrid cloud: a hybrid cloud is essentially a combination of at least two clouds, where the clouds included are a mixture of public, private, or community.
• Types of services:
  ○ Infrastructure as a service (IaaS): Amazon Web Services provides virtual servers with unique IP addresses; different APIs are provided.
  ○ Platform as a service (PaaS): the cloud provides a platform to host your services. Development tools are hosted on the cloud platform. Google Apps is one of the most famous PaaS providers.
  ○ Software as a service (SaaS): provides software to use without purchasing, from web-based email to applications such as Twitter.
• Advantages:
  ○ Applications and data can be accessed from anywhere and at any time. Data is not present on the user's computer.
  ○ Brings hardware costs down, but needs an internet connection.
  ○ The organisation need not buy a set of software for every employee. Instead it can pay a metered fee to the cloud computing company.
  ○ The organisation does not have to rent physical space to store servers and databases.
  ○ Saves money on IT support. Only the desktop and internet connection have to be maintained.
• Types of attacks:
  ○ Cloud malware injection attacks: malware injection attacks are done to take control of a user's information in the cloud. For this purpose, hackers add an infected service implementation module to a SaaS or PaaS solution, or a virtual machine instance to an IaaS solution.
  ○ Abuse of cloud services: hackers can use cheap cloud services to arrange DoS and brute force attacks on target users, companies, and even other cloud providers.
  ○ Denial of service attacks: DoS attacks are designed to overload a system and make services unavailable to its users. These attacks are especially dangerous for cloud computing systems, as many users may suffer as the result of flooding even a single cloud server.
  ○ Side channel attacks: a side channel attack is arranged by hackers when they place a malicious virtual machine on the same host as the target virtual machine. During a side channel attack, hackers target system implementations of cryptographic algorithms.
  ○ Man-in-the-cloud attacks: during this type of attack, hackers intercept and reconfigure cloud services by exploiting vulnerabilities in the synchronisation token system, so that during the next synchronisation with the cloud the synchronisation token will be replaced with a new one that provides access to the attackers.


Attacks against 3G (or against older phones)

Skulls Trojan

• It targeted Series 60 phones with the Symbian OS.
• The Series 60 platform is a software platform for smartphones that runs on top of the Symbian operating system.
• Skulls is distributed in a malicious SIS file named "Extended theme.SIS".
• Software Installation Script (SIS) files are archives containing an installation package. The trojan replaces the system applications with non-functional versions, so that everything but the phone functionality is disabled.
• It also causes all application icons to be replaced with a picture of a skull and crossbones; the icons no longer refer to the actual applications, so none of the phone's normal applications can start.
• It also affected other Symbian devices, for example the Nokia 9500, which is a Series 80 device.
• But the risk was less because the installation file was designed for S60.


Cabir Worm

• The first dedicated mobile worm targeting the Symbian OS.
• The message "Cabir" is displayed on the phone's display every time the phone is turned on.
• The worm then attempts to spread to other phones in the area using Bluetooth.
• The worm sends a copy of itself to vulnerable phones.


Brador Trojan

• The first backdoor Trojan for PDAs running PocketPC.
• It affects the Windows CE OS by creating an svchost.exe file in the Windows startup folder, which allows full control of the mobile device to be taken.
• It opens the infected machine for remote administration.
• Brador then identifies the machine's IP address and sends it to the author, informing the author that the handheld is connected to the Internet and the backdoor is active.
• Finally, Brador opens port 2989 and awaits further commands, giving full control over the infected PDA via this port.
• Like all backdoors, Brador cannot spread by itself: it can only arrive as an e-mail attachment, be downloaded from the Internet, or be uploaded along with other data from a desktop.


Mosquito Trojan

• It affects Series 60 smartphones with the Symbian OS and is a cracked version of the mobile phone game “Mosquitos”.
• The victims of the virus are mobile phone users who have knowingly downloaded an illegal version of the game ‘Mosquitos’ to play on their handset.
• It is a trojan that infects the phone and sends costly SMS messages without the owner realising, until their next bill arrives.
• Mostly teenagers became victims of this.


Lasco Worm

• It targets PDAs which run on the Symbian OS; this worm was released in 2005.
• Lasco arrives on a system through a Bluetooth transmission.
• The user must then choose to install the software coming through.
• Lasco searches for all files with a .sis extension and places a copy of itself in them.
• Lasco will then search for other Bluetooth devices and send a copy of itself to them, regardless of their OS.
• The objective of this attack is to make the system unavailable to the intended user by flooding the targeted server.


Attacks on Android

Man-in-the-Disk attack

• Every app uses two types of memory: internal and external memory.
• Many apps use internal memory, but many also ask for permission to access external memory.
• The Man-in-the-Disk attack works because of two reasons:
  o First, any app can tamper with another app's External Storage data.
  o Second, because almost all apps ask for this permission, users are generally willing to give it and 
    are unaware of any security risks.
• Researchers say they were able to carry out two types of attacks:
  o To crash other apps.
  o To update other apps to malicious versions.


Spearphone Attack: Spy On Calls, Voice Notes, and Multimedia

• Dubbed Spearphone: a new side-channel attack that could allow malicious apps to eavesdrop on 
  the voice coming out of your smartphone's loudspeakers without requiring any device permission.

• It takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built 
  into most Android devices and can be accessed without restriction by any app installed on a device, 
  even with zero permissions.

• An accelerometer is a motion sensor that lets apps monitor the movement of a device, such as tilt, 
  shake, rotation, or swing, by measuring the time rate of change of velocity with respect to magnitude 
  or direction.

• The attack can be triggered when the victim either places a phone or video call in speaker mode, 
  attempts to listen to a media file, or interacts with the smartphone assistant.


Credit Card Fraud 




Security challenges faced by mobile devices

Attack on mobiles

Mobile phones were a luxury and have now become a necessity.

Mobile phone theft

Increasing functionality and connectivity (SMS, MMS, Bluetooth, infrared, multiple 
connections) are the reasons behind the increase in attacks on mobile phones.

• Mobile Virus
  o Corrupting mobile data and applications.
  o Mobile viruses spread through Bluetooth and MMS.
  o An MMS virus sends a copy of itself to every entry in the contact list present on the mobile.

Mishing: combination of mobile phone and phishing
Vishing: using social engineering over the telephone
Smishing: criminal offence conducted by using SMS and phishing


Vishing
• Usually used to steal credit card details or other related data used in ID theft.

• Vishing via voicemail: the victim is forced to call the provided phone number once 
  he/she listens to the voice message.

• Vishing via direct phone call:
  o The criminal gathers information.
  o Makes a call pretending there is a panic situation.
  o Asks for credit/debit card details.

• How to protect from vishing attacks:
  o Be suspicious about unknown callers.
  o Do not trust caller ID; caller ID spoofing is easy.
  o Be aware and ask questions in case someone is asking for your personal 
    information.
  o Report vishing calls to the nearest cyber cell with the number and name that appeared 
    on caller ID.


Mishing

Mishing is a blend of mobile phones and phishing.
Mishing attacks attempt to exploit mobile phone technology.
M-commerce is quickly becoming a part of everyday life.

If you use your mobile phone for purchasing goods/services and for banking, you could 
be increasingly vulnerable to a mishing scam.

A typical mishing attacker uses a call (known as vishing) or a text message (SMS, known as 
smishing).

SMiShing is a security attack in which the user is tricked into downloading a Trojan 
horse, virus or other malware onto his cellular phone or other mobile device. 
SMiShing is short for "SMS phishing".

The attacker will pretend to be a representative from your bank or another 
organisation and will claim to need your personal details.

Attackers are inventive and will try to persuade you with different 
reasons why they need this information from you.


Hacking Bluetooth

• Bluetooth is a wireless technology standard used for communication over 
  short distances.

• When Bluetooth is enabled it advertises its availability, which makes the attacker's job 
  easier.

• An attacker can download address book information, photos, calendar entries, SIM card 
  details, make long-distance phone calls, etc.

• Bluetooth hacking tools:
  o BlueScanner: This tool searches for Bluetooth-enabled devices and tries to extract 
    as much information as possible for each newly discovered device after connecting with the target.
  o BlueSniff: This is a GUI-based utility for finding discoverable as well as hidden Bluetooth-
    enabled devices.
  o Bluesnarfer: It connects to a Bluetooth-enabled phone without alerting the owner and gains 
    access to restricted portions of the stored data.
  o BlueDiving: It tests Bluetooth penetration. It implements attacks like BlueSnarf and BlueBug.


Mobile Devices: Security Implications for Organizations
• Managing diversity and proliferation of hand-held devices
  o The manager or CEO needs to make decisions about security policies such as: 
    only registered devices are allowed on the premises, accessibility of the network to 
    outside devices, etc.

• Unconventional/stealth devices:
  o Employees use Compact Disc (CD) and Universal Serial Bus (USB) drives. 
    With the advancement of technology the size of storage devices is 
    decreasing, so it is very difficult to detect such devices for organizational security. 
    It is therefore advisable that employees do not use these devices.

• Threats through lost and stolen devices:
  o When people are travelling, it happens that mobile hand-held devices get 
    lost. Lost mobile devices are a large security risk to corporations. A lost or 
    stolen device puts the company at serious risk of damage, exploitation or 
    damage to its professional integrity.

• Educating the laptop users
  o Corporate laptop users could put their company's networks at risk by 
    downloading non-work-related software which spreads viruses and spyware.
Difference between phishing and vishing

1. Phishing: A phishing attack is targeted at a wide range of people through emails.
   Vishing: A vishing attack is also targeted at a wide range of people, through voice communication.

2. Phishing: The victim needs to click on malicious links.
   Vishing: The victim needs to tell the information on their own.

3. Phishing: It is an automated attack.
   Vishing: It is a manual attack.

4. Phishing: A single attacker can send various emails at a time.
   Vishing: Voice calling to a target can be done by an attacker one at a time.

5. Phishing: It has more accuracy.
   Vishing: It has less accuracy.

6. Phishing: It is more used nowadays.
   Vishing: It was mostly used in earlier days, but attackers still use it.

7. Phishing: The attackers involved in phishing are cyber criminals or professional hackers.
   Vishing: Vishing attackers are not experts in hacking.

8. Phishing can take place in the following forms: spear phishing, whaling, clone phishing, 
   smishing, vishing, angler phishing and more.
   Vishing can take place in the following forms: a government official, a telemarketing incident, 
   fraudulent tech support, fake bank transactions and more.

9. Common precautionary steps
   Phishing:
   • Think twice before submitting your sensitive information.
   • Never believe warning messages.
   • Avoid opening any Word, Excel, PowerPoint or PDF-like documents enclosed in these 
     deceptive or unusual communications.
   Vishing:
   • Do not pick up calls from unknown numbers.
   • Block the number immediately if you find something like fraud during the call.
   • Avoid responding, such as pressing buttons or speaking in response to prompts from an 
     automated message.

10. Examples
    Phishing: fraudulent fake invoices, email account upgrade fraud, suspicious activity fraud and others.
    Vishing: wardialing, caller ID forgery, dumpster diving and others.


Module 3 & 4 


These are not the questions from the QBB pdf, but instead the ones that were there in 
the IA2 QB provided by ma’am. 


What are the basic stages of attack over the network?
• Initial uncovering:
  o Gathering information by searching for the victim on Google or social media 
    sites, etc., and also gathering information about the company they work at, etc.
  o At this phase, only preventive measures can be taken.
  o Detection of the attacker is not possible at this stage as they haven't done 
    anything illegal.

• Network probe:
  o Using active and passive attack tools to get more detailed information about the 
    network.
  o "Port scanning" tools are used to discover exactly which services are running on 
    the target system.
  o At this point, the attacker has still not done anything that is considered 
    abnormal activity.

• Crossing the line towards electronic crime:
  o The attacker in this stage is proceeding towards committing a crime.
  o The attacker uses different exploits, guessable system passwords, 
    programming errors, etc.
  o The attacker usually goes through several stages of exploits to gain access to 
    the system.

• Capturing the network:
  o The attacker attempts to own the network.
  o The attacker gains a foothold in the internal network quickly and easily by 
    compromising low-priority target systems.
  o It includes the introduction of Trojans.
  o The attacker also removes all evidence of the attack.
  o A number of hacking tools are available which can clean up log files and remove 
    traces of intrusion, for example:
    ▪ Evidenceeliminator.com
    ▪ Cesoft.net
    ▪ traceless.com/computer-forensics

• Grab the data:
  o Once the network is captured, important information is stolen.

• Covering tracks:
  o This is the last step in any cyberattack, where the attacker extends misuse of the system 
    without being detected.
  o The attacker can also start the next attack from this phase.


What are Anonymizers?

An anonymizer is also known as an anonymous proxy.
It is a tool that attempts to make activity on the Internet untraceable.

It acts as an intermediary and privacy shield between a client computer and the rest 
of the Internet.

It accesses the Internet on the user's behalf, protecting personal information by 
hiding the client computer's identifying information.

It hides/removes all identifying information from a user's computer while the user 
surfs the Internet.

It ensures the privacy of the user.

In 1997, the first anonymizer software tool was created by Lance Cottrell, developed 
by Anonymizer.com.
What are key-loggers?

A key-logger is a computer program/device that records every keystroke made by a 
computer user, especially in order to gain fraudulent access to passwords and other 
confidential information.

There are two types of key-loggers:

• Software key-loggers:
  o Software keyloggers are software programs installed on computer systems 
    which can record every keystroke.
  o The keylogger stores the keys entered by the user.
  o It is the easiest way to capture a password.
  o Normally installed by Trojans or viruses.
  o A keylogger usually consists of two files that get installed in the same directory: a 
    dynamic link library (DLL) file and an executable (EXE) file that installs the DLL 
    file and triggers it to work.
  o The DLL does all the recording of keystrokes.
  o Eg: Stealth Keylogger, Power Keylogger, Spy Buddy, Elite Keylogger, etc.

• Hardware keyloggers:
  o Hardware keyloggers are small hardware devices, connected between the PC and the 
    keyboard, that save every keystroke into a file or in memory.
  o These keyloggers look like an integrated part of the system and hence go undetected.
  o They are small hardware devices connected to the PC that can save every 
    keystroke into a file or in the memory of the hardware device.
  o E.g. Cybercriminals install such devices on ATM machines to capture ATM card 
    PINs.
  o Eg: KeyGhost, Keylog, KeyDevil, KeyKatcher, etc.


What can be the purposes behind password cracking?

A password is like a key to get entry into computerized systems, like a lock.
Password cracking is the process of recovering passwords from data.
The purpose of password cracking could be:
• To recover a forgotten password.
• As a preventive measure by system administrators to check for easily crackable 
  passwords (testing).
• To gain unauthorized access to a system.


Explain Dictionary Attack
• A dictionary attack is used for password cracking.

• It uses a predefined dictionary to look for a match between the encrypted password 
  and the encrypted dictionary word.

• It is a type of brute force attack for defeating a cipher or authentication mechanism 
  by trying to determine its decryption key or passphrase by trying hundreds or 
  sometimes millions of likely possibilities, such as words in a dictionary.

• As it is a brute force attack, it is less likely to be successful if the site it is being 
  used on has proper security measures, e.g. locking the user out after 5 wrong 
  attempts.
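As an added example (not part of the original notes), the two sides of the point above in Python: the administrator-side audit that hashes each dictionary word and compares it with the stored hash, and the 5-attempt lockout that stops the same dictionary being tried online. The credentials, the dictionary and the salted SHA-256 storage format are constructed for the example.

```python
import hashlib
import os

# Constructed sample credentials and a constructed (tiny) dictionary; "password"
# is deliberately placed after the 5th entry so the lockout is reached first.
SAMPLE_CREDENTIALS = {"alice": "password", "bob": "Xq7!vR2#pL9z"}
SAMPLE_DICTIONARY = ["123456", "qwerty", "letmein", "welcome", "dragon", "monkey", "password"]


def hash_password(salt, password):
    # Stand-in for the "encrypted password" the notes compare against.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_store(credentials):
    """Build {user: (salt, hash)} the way a password file would be stored."""
    store = {}
    for user, password in credentials.items():
        salt = os.urandom(8)
        store[user] = (salt, hash_password(salt, password))
    return store


def audit_weak_passwords(store, dictionary):
    """Administrator-side dictionary check: hash every dictionary word with the
    account's salt and look for a match with the stored hash. Only accounts whose
    password is literally in the dictionary are reported."""
    weak = {}
    for user, (salt, digest) in store.items():
        for word in dictionary:
            if hash_password(salt, word) == digest:
                weak[user] = word
                break
    return weak


class LoginLockout:
    """Lock an account after max_attempts consecutive failures (the mitigation the
    notes name), so an online dictionary attack cannot try hundreds of guesses."""

    def __init__(self, store, max_attempts=5):
        self.store = store
        self.max_attempts = max_attempts
        self.failures = {}

    def attempt(self, user, password):
        if user not in self.store:
            return "denied"  # same answer as a wrong password: no username enumeration
        if self.failures.get(user, 0) >= self.max_attempts:
            return "locked"
        salt, digest = self.store[user]
        if hash_password(salt, password) == digest:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def simulate_online_guessing(guard, user, dictionary):
    """Feed the dictionary through the login check and report (outcome, attempts).
    With lockout enabled the run stops at 'locked' well before the real password."""
    for count, word in enumerate(dictionary, start=1):
        outcome = guard.attempt(user, word)
        if outcome in ("ok", "locked"):
            return outcome, count
    return "exhausted", len(dictionary)
```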


Justify why buffer overflow is a threat?

• A buffer overflow attack typically involves violating the programming language's rules and 
  overwriting beyond the bounds of the buffers in which data is stored.

• Attackers use a buffer overflow to corrupt a web application's execution stack, 
  execute arbitrary code, and take over a machine.

• Common consequences of a buffer overflow attack include the following:
  o System crashes: A buffer overflow attack will typically lead to the system 
    crashing. It may also result in a lack of availability and programs being put into 
    an infinite loop.
  o Access control loss: A buffer overflow attack will often involve the use of 
    arbitrary code, which is often outside the scope of programs' security policies.
  o Further security issues: When a buffer overflow attack results in arbitrary code 
    execution, the attacker may use it to exploit other vulnerabilities and subvert 
    other security services.

• This is why buffer overflow is a serious threat.


Explain attacks on wireless networks and mention how to secure 
them.

• Sniffing
  o It is eavesdropping on the network and the simplest of all attacks.
  o It is the process of intercepting wireless data that is being broadcast on an 
    unsecured network.
  o The attacker usually installs sniffers remotely on the victim's system and conducts 
    activities like:
    ▪ Password scanning
    ▪ Detection of the service set identifier (SSID)
    ▪ Collecting MAC addresses

• Spoofing
  o The primary objective of spoofing is to successfully masquerade an identity.
  o MAC address spoofing: changing the assigned MAC to that of another device.
  o IP spoofing: creating IP packets with a forged IP address.
  o Frame spoofing: the attacker injects frames whose content is carefully spoofed and 
    which are valid as per the 802.11 specification.

• DoS

• Man-in-the-Middle (MITM)
  o The attacker stands in between hosts A and B without their knowledge.
  o The attacker can observe the communication (threat to confidentiality).
  o The attacker can also modify the data before delivering it to the actual recipient (threat to 
    integrity).

• Encryption cracking
  o Attackers always find new tools and techniques to deconstruct older 
    encryption technology.

How to secure wireless networks
• Change the default settings of all equipment in the wireless network.
• Enable Wi-Fi Protected Access (WPA) encryption.
• Change the default SSID (service set identifier).
• Enable MAC address filtering.
• Disable remote login.
• Disable SSID broadcast.
• Disable features not used in the AP.
• Avoid giving the network a name which is easily identifiable.
• Connect only to secure wireless networks.


Explain Virus and Worms in Detail
Worms:
• Worms are similar to a virus but do not modify the program.
• A worm replicates itself more and more to slow down the computer system. Worms can be 
  controlled remotely.
• The main objective of worms is to eat the system resources.
• Eg. The WannaCry ransomware worm in 2000 exploits the Windows Server 
  Message Block (SMBv1), which is a resource-sharing protocol.

Virus:
• A virus is malicious executable code attached to another executable file that can 
  be harmless or can modify or delete data.
• When a computer program runs with a virus attached, it performs some action 
  such as deleting a file from the computer system.
• Viruses can't be controlled remotely.
• Eg. The ILOVEYOU virus spreads through email attachments.

Comparison of worms and viruses

1. Definition
   Worms: A worm is a form of malware that replicates itself and can spread to different computers via a network.
   Virus: A virus is malicious executable code attached to another executable file which can be harmless or can modify or delete data.

2. Objective
   Worms: The main objective of worms is to eat the system resources. They consume system resources such as memory and bandwidth and slow the system down to such an extent that it stops responding.
   Virus: The main objective of viruses is to modify the information.

3. Host
   Worms: Do not need a host to replicate from one computer to another.
   Virus: A host is required for spreading.

4. Harmful
   Worms: Less harmful as compared.
   Virus: More harmful.

5. Detection and protection
   Worms: Can be detected and removed by antivirus and firewall.
   Virus: Antivirus software is used for protection against viruses.

6. Controlled by
   Worms: Can be controlled remotely.
   Virus: Can't be controlled remotely.

7. Execution
   Worms: Executed via weaknesses in the system.
   Virus: Executed via executable files.

8. Comes from
   Worms: Generally come from downloaded files or through a network connection.
   Virus: Generally come from shared or downloaded files.

9. Symptoms
   Worms:
   • Hampering computer performance by slowing it down
   • Automatic opening and running of programs
   • Sending of emails without your knowledge
   • Affected performance of the web browser
   • Error messages concerning the system and operating system
   Virus:
   • Pop-up windows linking to malicious websites
   • Hampering computer performance by slowing it down
   • After booting, starting of unknown programs
   • Passwords get changed without your

10. Prevention
    Worms:
    • Keep your operating system and system updated
    • Avoid clicking on links from untrusted or unknown websites
    • Avoid opening emails from unknown sources
    • Use antivirus software and a firewall
    Virus:
    • Installation of antivirus software
    • Never open email attachments
    • Avoid usage of pirated software
    • Keep your operating system updated
    • Keep your browser updated, as old versions are vulnerable to linking to malicious websites

11. Types
    Worms: Internet worms, instant messaging worms, email worms, file sharing worms and Internet relay chat (IRC) worms are different types of worms.
    Virus: Boot sector virus, direct action virus, polymorphic virus, macro virus, overwrite virus and file infector virus are different types of viruses.

12. Examples
    Worms: Examples of worms include Morris worm, Storm worm, etc.
    Virus: Examples of viruses include Creeper, Blaster, Slammer, etc.

13. Interface
    Worms: Do not need human action to replicate.
    Virus: Need human action to replicate.

14. Speed
    Worms: Spreading speed is faster.
    Virus: Spreading speed is slower as compared to worms.


What is a backdoor?

• A backdoor is a feature or defect of a computer system that allows an attacker 
  unauthorized access to data.

• Two main types of backdoors:
  o Conventional (hidden parameters, redundant interfaces, etc.)
  o Unconventional (breaking authentication between two of an application's 
    components)

• It refers to any method by which authorized and unauthorized users are able to get 
  around normal security measures and gain high-level user access on a computer 
  system, network or software application.

• Programmers may sometimes install a backdoor so that the program can be 
  accessed for troubleshooting or other purposes.

• Attackers use backdoors they have discovered, or ones they installed themselves, as part of the 
  exploit.

• A worm is many times designed to take advantage of a backdoor.
• Eg: Bifrost: infects Windows 95 through Vista.
• Eg: Onapsis: open source ERP penetration testing framework.
Define Intellectual Property Rights with all provisions.

Intellectual property rights aim to provide innovators and creators legal 
protection for their ideas and creations, trademarks, names, brands, etc.

Intellectual property encompasses two types of rights:
  o Industrial property rights: trademarks, patents, geographical indicators, 
    designations of origin, industrial designs and models, etc.
  o Copyrights: literary, dramatic, artistic and musical work, films, etc.

Patents: In India patents are governed by the provisions of the Patents Act 1970, 
as amended by the Patents Act 2005 and the Patents Act Rules 2006.

Trade Secrets: There is no specific law in India for the protection of trade secrets. 
They are protected under various statutes including contract law, copyright law, 
breach of confidence, etc.

Trademarks: Trademarks in India are registered and protected under the Trade 
Marks Act 1999.

Copyrights: They are protected and registered under the Copyright Act 1957.

Geographical Indications: The GI Act 1999 is an act of the Parliament of India for the 
protection of geographical indications in India.

The Indian IT Act 2000 has no provision for the protection of copyright.

The Indian Copyright Act 1957 deals with the protection of computer software and is 
inadequate to address all the aspects of IT.

The Act defines the terms computer and computer program in section 2(ffb) and 
section 2(ffc) respectively.

Section 63B of the Copyright Act 1957 relates to copyright infringement 
of software or computer programs and the punishment for the offence.

The Act protects databases as literary work under section 13(1).


Explain the ping of death and smurf attack.

Ping of death is a process of sending oversized ICMP packets to a system.

Mainly used by network computers.

• Eg. On a Windows machine, if one types:
  o ping -l 65510 <victim IP address>
  o We know that the max IP packet size allowed = 65535.
  o The above command creates a packet which, when reassembled, is larger than the 
    max size of 65,535 that is allowed.
  o This causes the system to crash.
• Why crash?
  o An ICMP echo has a "pseudo header" consisting of 8 bytes of ICMP header info.
  o Next in the ICMP packet is the ping data that is sent.
  o The maximum amount of data that can be sent is 65535 - 20 (IP) - 8 (ICMP) = 65507.
  o Hence, the data sent (65510) is too large.
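As an added example (not from the notes), a Python model of the arithmetic above: the sender fragments an echo request for an Ethernet-sized MTU without checking the total, and the receiver applies the reassembly bound that fixed Ping of Death. The MTU, the function names and the simplified fragment model (no IP options) are assumptions.

```python
IP_MAX_DATAGRAM = 65535   # largest IPv4 datagram, header included
IP_HEADER_LEN = 20        # IPv4 header without options
ICMP_HEADER_LEN = 8       # ICMP echo header (the "pseudo header" in the notes)
FRAG_UNIT = 8             # the fragment offset field counts 8-byte units


def max_ping_data():
    """Largest ping payload that still fits in one maximum-size datagram: 65507."""
    return IP_MAX_DATAGRAM - IP_HEADER_LEN - ICMP_HEADER_LEN


def fragment_echo_request(ping_data_len, mtu=1500):
    """Split an echo request carrying ping_data_len bytes into (offset_units, data_len)
    fragments the way a sender does for the given MTU (assumed 1500). The sender
    never checks the reassembled total, which is exactly the oversized-packet bug."""
    payload = ICMP_HEADER_LEN + ping_data_len           # bytes after the IP header
    per_frag = (mtu - IP_HEADER_LEN) // FRAG_UNIT * FRAG_UNIT  # 1480: multiple of 8
    fragments = []
    offset = 0
    while offset < payload:
        data_len = min(per_frag, payload - offset)
        fragments.append((offset // FRAG_UNIT, data_len))
        offset += data_len
    return fragments


def reassembly_accepts(fragments):
    """Receiver-side bound (simplified model of the Ping of Death fix): for every
    fragment, offset*8 + data_len must not exceed the 65535 - 20 bytes of payload a
    maximum-size datagram can hold. Anything beyond that is dropped, not buffered."""
    limit = IP_MAX_DATAGRAM - IP_HEADER_LEN
    for offset_units, data_len in fragments:
        if offset_units * FRAG_UNIT + data_len > limit:
            return False
    return True
```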


• A Smurf attack is a form of distributed denial of service (DDoS) attack that 
  renders computer networks inoperable.

• The Smurf program accomplishes this by exploiting vulnerabilities of the Internet 
  Protocol (IP) and Internet Control Message Protocol (ICMP).

• The steps in a Smurf attack are as follows:
  o First, the malware creates a network packet attached to a false IP address, a 
    technique known as "spoofing".
  o Inside the packet is an ICMP ping message, asking network nodes that receive 
    the packet to send back a reply.
  o These replies, or "echoes", are then sent back to network IP addresses again, 
    setting up an infinite loop.

• Here are a couple of steps for Smurf attack mitigation:
  o Make sure to block directed broadcast traffic coming into the network.
  o Configure hosts and routers not to respond to ICMP echo requests.
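As an added example (not from the notes), a Python model of the two mitigations above and their effect on a spoofed echo request. The amplifier network, victim address, host count and the three-field packet model are constructed; the host-side rule is narrowed to echo requests addressed to the broadcast address, so ordinary unicast ping still works.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example addresses (RFC 5737 documentation ranges).
AMPLIFIER_LAN = ipaddress.ip_network("192.0.2.0/24")
VICTIM = "198.51.100.7"
ECHO_REQUEST, ECHO_REPLY = 8, 0


@dataclass(frozen=True)
class IcmpPacket:
    src: str
    dst: str
    icmp_type: int


@dataclass
class NetworkConfig:
    forward_directed_broadcast: bool   # router: pass broadcast traffic arriving from outside?
    reply_to_broadcast_echo: bool      # hosts: answer echo requests sent to the broadcast address?


def router_accepts(pkt, lan, cfg):
    """Border router: a packet from outside the LAN addressed to the LAN's broadcast
    address is a directed broadcast. Dropping it is the first mitigation."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if dst == lan.broadcast_address and src not in lan:
        return cfg.forward_directed_broadcast
    return True


def host_reply(pkt, host_ip, lan, cfg):
    """Host: always answer a unicast echo request; answer a broadcast one only if
    configured to. Refusing the broadcast case is the second mitigation."""
    if pkt.icmp_type != ECHO_REQUEST:
        return None
    dst = ipaddress.ip_address(pkt.dst)
    if dst == ipaddress.ip_address(host_ip):
        return IcmpPacket(host_ip, pkt.src, ECHO_REPLY)
    if dst == lan.broadcast_address and cfg.reply_to_broadcast_echo:
        return IcmpPacket(host_ip, pkt.src, ECHO_REPLY)
    return None


def smurf_replies_hitting_victim(num_hosts, cfg, lan=AMPLIFIER_LAN, victim=VICTIM):
    """One echo request with its source forged to the victim and its destination set
    to the LAN broadcast arrives at the border. Returns how many replies reach the
    victim: the amplification factor is the number of hosts that answer."""
    spoofed = IcmpPacket(src=victim, dst=str(lan.broadcast_address), icmp_type=ECHO_REQUEST)
    if not router_accepts(spoofed, lan, cfg):
        return 0
    hosts = [str(ip) for ip in list(lan.hosts())[:num_hosts]]
    replies = [host_reply(spoofed, h, lan, cfg) for h in hosts]
    return sum(1 for r in replies if r is not None and r.dst == victim)
```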
What is identity theft? List different types of identity theft.

• Identity theft is the crime of obtaining the personal or financial information of another 
  person to use their identity to commit fraud, such as making unauthorized 
  transactions or purchases.

• Identity theft is committed in many different ways and its victims are typically left 
  with damage to their credit, finances, and reputation.

• Financial identity theft:
  o Financial fraud is when the victim's identity is used to perform criminal activity that is 
    harmful to the victim's finances:
    ▪ Opening a new credit card in the victim's name
    ▪ Opening a bank account
    ▪ Purchasing a vehicle
    ▪ Home mortgage
  o The process of recovering is expensive, time-consuming and psychologically 
    painful.
  o This type of fraud also damages the credit history of the victim.

• Criminal identity theft:
  o Performing criminal activity by using someone else's identity:
    ▪ Entering a country illegally
    ▪ Committing terrorism
    ▪ Cybercrimes
    ▪ Drug trafficking
    ▪ Money laundering
  o This type of crime includes using the victim's identity to commit a criminal act.
  o During investigation, the victim's name will come up, which will destroy 
    the victim's reputation, add criminal history, etc.

• Identity cloning:
  o Living somebody else's identity.
  o Instead of financial fraud or committing crimes in the victim's name, the criminal 
    compromises the victim's life by living and working under the victim's identity.
  o Cloning accounts on social media and in the cyber world is very easy and popular 
    these days.

• Business identity theft:
  o Applying for a corporate credit card in the victim's name.
  o Purchasing/selling property with a fake ID.
  o Stealing product information and using it to sell as the victim's.
  o It causes damage to business reputation.

• Medical identity theft: health insurance fraud.


What is E-commerce? Explain different types of e-commerce with 
suitable examples.

• E-commerce can be defined as the buying and selling of goods, products or services over the Internet.
• Online transactions of money and funds transfers are also part of electronic commerce.

• Types of E-commerce:
• B2C:
  o Very well known category.
  o Transactions between a business and a consumer through online shopping.
  o Electronic retailing.
  o Example: Amazon.com, Flipkart.com
• B2B:
  o Transactions done between two business organizations.
  o Usually large in terms of volume and value of the goods and services.
  o Example: IndiaMART.com, shopifygold.com
    ▪ Manufacturer producing raw material
• C2C:
  o Electronic transactions done between two end consumers.
  o A third party usually provides an online platform for consumers to identify and buy or 
    sell products.
  o Example: eBay.com, olx.com. Renting, selling or purchasing houses is also done 
    using online websites such as Magicbrick.com, housing.com, etc.
• C2B:
  o An individual consumer provides goods or services to a business and gets paid.
  o A third-party platform is used by businesses to list their requirements and 
    connect with individual consumers.
  o Example: SurveyMonkey.com, TranslationDirectory.com
    ▪ Consumers taking online surveys on SurveyMonkey.com
    ▪ Freelancing jobs from websites like Freelancing.com
    ▪ Online translation like TranslationDirectory.com
• G2C:
  o This term refers to the relation between government organizations and citizens.
  o E-governance, where citizens can communicate with government websites 
    directly.
  o Increases transparency in government processes.
  o Example:
    ▪ Paying tax online, registration of birth, marriage or death certificates
    ▪ Participation in government auctions
    ▪ Getting a licence online
• G2B:
  o Paying tax online.
  o Businesses getting online licences and contracts.
  o A classic G2B example is a government website where businesses go to pay 
    taxes.


Write a short note on Digital Certificates

• A digital signature is a type of electronic signature that is used to guarantee the 
  integrity of the data.

• An X.509 certificate (digital certificate) contains information about the certificate 
  subject and the certificate issuer.

• The role of a certificate is to associate an identity with a public key value.

• An X.509 certificate contains the following information:
  o X.509 version information
  o Serial number: unique identification
  o Common name: identifies the subject
  o Public key associated with the common name
  o Name of the user who created the certificate
  o Information about the certificate issuer
  o Signature of the issuer
  o Information about the algorithm used to sign the certificate
  o Some optional X.509 version 3 extensions
• Applications of X.509:
  o Web browsers that support the SSL protocol
  o Secure email: PEM (Privacy Enhanced Mail) and S/MIME
  o E-commerce protocols such as SET (Secure Electronic Transaction)


Explain Evidence Aspect in Cyber Law

• In legal terms, evidence refers to proof legally presented in a court of law to 
  ascertain the truth of a matter.

• Pieces of evidence tend to prove or disprove the fact in question and are required 
  by courts to reach a conclusion in legal cases.

Types of evidence:
1. Testimony: oral or written statement, affidavit
2. Real evidence (physical evidence): tangible things like a weapon, other objects
3. Demonstrative: diagrams, photographs, maps, drawings, simulations, models, etc.
4. Documentary material: letters, office records, invoices, web posts, blog listings, etc.


Explain the purpose of the proxy server. What is SQL Injection 
Attack? Explain the types.

Purpose of Proxy Server
• Keeps systems behind a curtain (for security reasons).
• Speeds up access to resources (through caching) by caching web pages from a web 
  server.
• The cache memory of the proxy server can serve all the users.
• Frequently requested websites from different users can remain in the proxy server, 
  which improves user response time.
• Filters unwanted content (like advertisements).
• The proxy server evaluates the request and provides the resource.

SQL Injection Attack

• SQL is a database computer language for managing data in a relational DBMS.
• SQL injection is a code injection technique that exploits a security vulnerability at the 
  database layer of an application.
• Attackers target common database servers used by many organizations to store 
  confidential data.
• The common objective behind SQL injection is to obtain sensitive information from a 
  database table while accessing it.
• During an SQL injection attack, malicious code is inserted into a website's code to 
  make a system execute a command shell or other arbitrary commands.
• Example: an arbitrary command might open a command prompt or a table from the 
  database.

Types of SQL Injection Attack

• Piggy-backed query:
  o Insert additional queries to be executed by the database into the original query 
    to extract data, add or modify data, perform denial of service, or execute remote 
    commands.
  o The attacker does not intend to modify the original intended query but to include 
    new queries that piggyback on the original query.
  o As a result, the DBMS receives multiple SQL queries. The first is the normal 
    query; the subsequent ones are executed to satisfy the attack.

  Normal query (as built by the application):
    "SELECT info FROM userTable WHERE login='" + login + "' AND pin=" + pin;

  Input: pin = 0; DROP database webApp
  Injected query (what the DBMS receives):
    SELECT info FROM userTable WHERE login='...' AND pin=0; DROP database webApp
  Output: Database deleted

• Tautologies:
  o The attacker injects queries that always evaluate to true into the Grade Central 
    site to bypass authentication and retrieve grades.
  o Attacks are encoded in such a way as to avoid naive input filtering.

  Normal query (as built by the application):
    "SELECT info FROM userTable WHERE login='" + login + "' AND pin=" + pin;

  Input: login = user' or 1=1 --
  Injected query (what the DBMS receives):
    SELECT info FROM userTable WHERE login='user' or 1=1 --' AND pin=
  Result: Login successful
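As an added example (not part of the notes), the two query types above run against an in-memory SQLite copy of userTable in Python, beside the parameterised form that defeats both. The rows are constructed; because SQLite has no DROP DATABASE, the piggy-backed statement is DROP TABLE userTable, and it is run through executescript() to stand in for a driver that executes several statements per request.

```python
import sqlite3

# Constructed sample rows standing in for the notes' userTable.
SAMPLE_USERS = [("alice", 1234, "alice-grades"), ("bob", 4321, "bob-grades")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userTable (login TEXT, pin INTEGER, info TEXT)")
    conn.executemany("INSERT INTO userTable VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_query(login, pin):
    # The notes' concatenated query: the untrusted strings become SQL syntax.
    return "SELECT info FROM userTable WHERE login='" + login + "' AND pin=" + pin


def lookup_vulnerable(conn, login, pin):
    """Tautology case: "user' or 1=1 --" as login makes the WHERE clause always
    true and comments out the pin check, so every row comes back."""
    return sorted(row[0] for row in conn.execute(build_query(login, pin)))


def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None


def lookup_vulnerable_multi_statement(conn, login, pin):
    """Piggy-backed case: executescript() runs every statement in the string, so
    a second statement smuggled in after ';' executes too. Returns whether
    userTable survived the request."""
    conn.executescript(build_query(login, pin))
    return table_exists(conn, "userTable")


def lookup_safe(conn, login, pin):
    """Parameterised query: values travel separately from the SQL text, so
    "' or 1=1 --" is compared as a literal login string and never parsed as SQL.
    A pin that is not a number is rejected before any query runs."""
    try:
        pin_value = int(pin)
    except ValueError:
        return []
    rows = conn.execute(
        "SELECT info FROM userTable WHERE login=? AND pin=?", (login, pin_value)
    )
    return sorted(row[0] for row in rows)
```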


What are the security challenges posed by Mobile devices?

• Mobile phone security threats generally include application-based, web-based, 
  network-based and physical threats.

• Application-based threats: When it comes to apps, the risks run from bugs and basic 
  security risks on the low end of the scale all the way through to malicious apps with no 
  purpose other than to commit cyber crime.
  o Malware
  o Spyware
  o Privacy
  o Zero-day vulnerabilities

• Web-based threats: Because of the nature of mobile use, the fact that we have our 
  devices with us everywhere we go and are connecting to the Internet while doing 
  so, they face a number of unique web-based threats as well as the run-of-the-mill 
  threats of general Internet use.
  o Phishing scams
  o Social engineering
  o Drive-by downloads
  o Operating system flaws

• Network-based threats: Mobile devices typically support a minimum of 
  three network capabilities, making them three times as vulnerable to network-based 
  attack.
  o Network exploits
  o Wi-Fi sniffing
  o Cross-platform attacks
  o BYOD

• Physical threats: These can happen at any time; unlike a desktop sitting at your 
  workstation, or even a laptop in your bag, a mobile device is subject to a number of 
  everyday physical threats.
  o Loss/theft: Loss or theft is the most unwanted physical threat to the security of 
    your mobile device. The device itself has value and can be sold on the 
    secondary market after all your information is stolen and sold.


What is an E-contract? Discuss the Contract Act 1872 and the provision for 
e-contracts in ITA 2000 

• Traditional physical contracts used to involve a bond paper, a lawyer, etc. 

• Trade between parties has increased tremendously beyond geographical boundaries. 

• Also, physical contracts are not applicable to online transactions and activities. 

• An electronic contract is an agreement that is drafted, negotiated, and executed 
completely online. 

• Electronic contracts can eliminate many costs associated with traditional pen-and-
paper contracts and bring countless other advantages. 

• Many countries have enacted laws to recognize electronic contracts. 

• The Indian IT Act 2000 and the Indian Contract Act 1872 are used together to 
resolve the issues that arise in the formation and authentication of e-contracts. 

• An e-contract is legally binding only if it complies with both laws. 
Types of Electronic Contracts 

• Shrink Wrap Contracts: 

o Typically packed with the product; the license agreement can be read and 
accepted only after unpacking the product. Eg: any electronic product 
purchased online. 

• Click Wrap Contracts: 

o Also called click-through. Mostly found as a part of the software. The user has 
only two options: accept or decline. Eg: software or application installation. 

• Browse Wrap Contracts: 

o Found on a website or on the homepage of a downloadable product. The user 
has to accept the terms and conditions to browse further. 

Indian Contract Act 1872 

• The Indian Contract Act, 1872 defines the term “Contract” under its section 2(h) as 
“An agreement enforceable by law”. 

• This definition has two major elements in it, viz. “agreement” and “enforceable by 
law”. 

• Agreement: in section 2(e), the Act defines the term agreement as “every promise 
and every set of promises, forming the consideration for each other”. 

• The Act in its section 2(b) defines the term “promise” as: “when the person to 
whom the proposal is made signifies his assent thereto, the proposal becomes an 
accepted proposal. A proposal when accepted, becomes a promise”. 

• The Act governs the manner in which contracts are made and executed in India. 

• It provides a framework of rules and regulations which governs the formation and 
performance of contracts. 


Provision for E-Contracts in ITA 2000 

• The Information Technology Act 2008 (ITAA 2008) introduced a new section 10A, 
“Validity of contracts formed through electronic means”. 

• Section 10A of ITAA 2008 states: 

o Where in a contract formation, the communication of proposals, the acceptance 
of proposals, the revocation of proposals and acceptances, as the case may be, 
are expressed in electronic form or by means of an electronic record, such 
contract shall not be deemed to be unenforceable solely on the ground that such 
electronic form or means was used for that purpose. 

• Attribution: to ascribe a work or remark to someone or something 
o considered responsible for 
o belongs to 

• Originator: a person who sends or generates an electronic record 

• Addressee: the receiver of an electronic record 


Module 5&6 

Explain how the appeals can be made under the IT ACT 2000. 

• An appeal is a request made by the aggrieved party to modify or reverse an order. 
Appeals function both as a process for error correction and as a process for 
clarifying and interpreting the law. 

• Any person aggrieved by an order made by the Controller or an Adjudicating Officer 
under this Act may prefer an appeal to the Appellate Tribunal (AT) [Sec. 57(1)]. 

• It needs to be noted that any person aggrieved by an order passed by the CCA 
while using the powers vested in him under the Act, and/or by an order passed by 
the Adjudicating Officer on a complaint made to him under Secs. 43 and 43A of the 
Act, can file an appeal to the AT. 

• A person will have no right to appeal where the order has been made with the 
consent of the parties. 

• Every appeal shall be filed within a period of 45 days from the date of receipt of the 
order made by the Controller or Adjudicating Officer, along with the prescribed fees. 
However, the Appellate Tribunal may entertain an appeal after the expiry of the 
stated period of 45 days if it is satisfied that there was sufficient cause for the delay 
in filing the appeal. 

• On receipt of an appeal under Section 57(1), the Appellate Tribunal may, after 
giving the parties to the appeal an opportunity of being heard, pass such orders 
thereon as it thinks fit. It may confirm, modify or set aside the order against which 
the appeal has been made. 

• The appeal shall be dealt with by it as expeditiously as possible, and an endeavour 
shall be made by it to dispose of the appeal finally within 6 months from the date of 
receipt of the appeal. 

• Any person aggrieved by any decision or order of the Appellate Tribunal may file an 
appeal to the High Court within 60 days from the date of communication of such 
decision or order. An appeal may be on any question of fact or law arising out of 
such order. 

• The High Court may allow it to be filed within a further period of 60 days if it is 
satisfied that sufficient cause prevented the appellant from filing the appeal within 
the prescribed period. 


Indian Information Technology Act 2000. What are the key 
provisions? 

• An Act to facilitate electronic filing of documents with government agencies, to 
provide legal recognition for transactions made through electronic data interchange 
and other forms of electronic communication, also known as “electronic commerce”, 
which involve using alternatives to paper-based methods of communication and 
information storage, and to further amend the Indian Penal Code, the Indian 
Evidence Act of 1872, the Banker's Books Evid. 

Key provisions: 

• All electronic contracts made through secure electronic channels are legally valid. 

• Legal recognition for digital signatures. 

• Security measures for electronic records and digital signatures are in place. 

• A procedure for the appointment of adjudicating officers for holding inquiries under 
the Act is finalized. 

• Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act. 
Further, this tribunal will handle all appeals made against the order of the Controller 
or Adjudicating Officer. 

• An appeal against the order of the Cyber Appellate Tribunal is possible only in the 
High Court. 

• Digital signatures will use an asymmetric cryptosystem and also a hash function. 

• Provision for the appointment of the Controller of Certifying Authorities (CCA) to 
license and regulate the working of Certifying Authorities. The Controller acts as a 
repository of all digital signatures. 

• The Act applies to offences or contraventions committed outside India. 

• Senior police officers and other officers can enter any public place and search and 
arrest without a warrant. 

• Provisions for the formation of a committee to advise the Controller and the Central 
Government on cyber regulations. 

Amendments to the Indian IT Act 

• Technology neutrality adopted. 

• Privacy safeguards enhanced: Section 43A inserted, prohibiting unauthorized 
disclosure of “sensitive personal information”. 

• A new section 72A inserted, criminalizing disclosure of information in breach of a 
lawful contract. 

• New sections added to cover offences such as identity theft, cyber terrorism, 
violation of privacy, cheating by personation, transmitting sexually explicit acts, child 
pornography, etc. 

• Intermediary liability recast, as a result of the much publicized case of Avnish Bajaj 
vs NCT Delhi, (2005) 3 CompLJ 364 Del, where the CEO of eBay India was made a 
co-defendant on allegations that eBay facilitated the sale of pornography through its 
website. 

Amendments are made in the following sections of ITA 2000: 

• Section 43 (Data Protection) 
• Section 66 (Hacking) 
• Section 67 (protection against unauthorized access) 
• Section 69 (cyber terrorism) 
• Section 72 (privacy and confidentiality) 


Global cooperation in fighting against Cyber crimes. 

• Cybercrime is very much a transnational crime. Urgent measures that are needed to 
preserve data at the national level are also necessary within the framework of 
international co-operation. 

• The effective combating, investigation and prosecution of such crimes require 
international cooperation between countries, law enforcement agencies and 
institutions, backed by laws, international relations, conventions, directives and 
recommendations culminating in a set of international guidelines to fight cybercrime. 

• The complex nature of cybercrime, as one that takes place in the borderless realm 
of cyberspace, is compounded by the increasing involvement of organized crime 
groups. Perpetrators of cybercrime, and their victims, are often located in different 
regions, and its effects ripple through societies around the world. This highlights the 
need to mount an urgent, dynamic and international response. 

• The Global Programme is designed to respond flexibly to identified needs in 
developing countries by supporting Member States to prevent and combat 
cybercrime in a holistic manner. The main geographic nexus for the Cybercrime 
Programme in 2017 is Central America, Eastern Africa, MENA and South East 
Asia & the Pacific, with the key aims of: 

o Increased efficiency and effectiveness in the investigation, prosecution and 
adjudication of cybercrime, especially online child sexual exploitation and abuse, 
within a strong human-rights framework; 

o Efficient and effective long-term whole-of-government response to cybercrime, 
including national coordination, data collection and effective legal frameworks, 
leading to a sustainable response and greater deterrence; 

o Strengthened national and international communication between government, law 
enforcement and the private sector, with increased public knowledge of cybercrime 
risks. 


What is the Indian perspective of Cyber laws? Are they adequate 
to protect from Internet Cyber crimes? 

SOX - Key IT Requirements 

• There must be a written security policy in the company. 

• The company should baseline its current compliance state and be prepared to show 
progress towards full compliance. 

• SOX is commonly applied with progressive requirements year over year. 

• Additional sections of SOX require timely monitoring of, and response to, issues that 
may materially affect data used or relied upon to generate public financial reports. 

• The company must log and audit access to financial data and critical files used in 
the preparation of public financial reports. 

HIPAA - Key IT Requirements 

• HIPAA has an extended set of security requirements and controls with both required 
and addressable (optional) components. 

• A summary of key requirements is listed below: 

1. Conduct an initial risk assessment, periodic reviews and reassessments. 
2. Written security policy. 
3. Designated security person. 
4. Written incident handling policy. 
5. Backup, Emergency Operations, and Disaster Recovery plan. 
6. Reuse and disposal plan for reusable media. 
7. Audit controls are required, including unique user identifiers. 
8. Termination policy and procedures. 
9. Implement user-level processes of least privilege. 
10. Log/audit logins and logoffs. 
11. Secure and authenticate before physical access to the facility and sensitive 
areas is granted. 
12. Written usage policies by system type (laptop, desktop, server ...). 
13. Physical removal tracking and policy for all systems and data (including 
removable media). 
14. Create an “exact copy” backup prior to moving data or systems. 
15. Logout/disconnect inactive sessions. 
16. Audit access to secure data. 
17. Encrypt sensitive data (addressable). 
18. Monitor and audit access and alterations to sensitive data. 
19. Protect data in transmission. 

GLBA - Key IT Requirements 

• Organizations must have a written security policy. 

• Organizations must establish a baseline, risk assessment and vulnerability scan. 

• Organizations must monitor and report any access to the files, folders or databases 
that contain consumer financial information. 

• Organizations must notify the consumer if they believe that the consumer's 
information has been compromised. 

• Organizations must designate a security program coordinator. 

• Organizations must establish and conduct security awareness and training 
programs. 

• Organizations must establish policies for information processing, transformation, 
storage and disposal; they must also review and revise the activities mentioned in 
the subsequent points. 

• Organizations must have appropriate measures to detect, prevent and respond to 
attacks and intrusions. 


ISO - Key IT Requirements Summary 

1. Establish Importance 
2. Define the Scope 
3. Write High Level Policies 
4. Establish a Security Organization 
5. Identify and Classify Assets and Data 
6. Identify and Classify Risks 
7. Plan for Risk Management 
8. Implement Risk Mitigation Strategies 
9. Statement of Applicability (gap analysis, exclusions/exceptions) 
10. Implement a Training and Security Awareness Program 
11. Monitor and Review 
12. Maintain and Improve 


FISMA - Key IT Requirements Summary 

1. Assess the existing state (create a baseline). 
2. Create a Risk Assessment Summary, and categorize systems as low, moderate, or 
high impact relative to security. 
3. Classify assets per FIPS 199 (Low, Moderate, High). 
o FIPS (Federal Information Processing Standards) 199 is the result of a law passed 
in 2002 designed to recognize “the importance of information security to the 
economic and national security interests of the United States.” FIPS 199 is an 
essential part of the 2002 law (FISMA). 
4. Secure systems per the appropriate NIST standard by system type (email, DNS, 
wireless, etc.). 
5. Review internally, and independently (annually), for compliance. 
6. Implement policies and procedures to reduce risk to an acceptable level. 
7. Periodically review and test procedures to ensure effectiveness. 
8. Designate a security information officer with primary duties as security. 
9. Implement a security awareness training program for staff and contractors. 


NERC - Key IT Requirements Summary 

• Maintain an inventory of all electronics that either are part of the critical assets list or 
are necessary to the operation of critical assets. 

• Protect access to these critical cyber-assets on a need-to-know basis. 

• Create an electronic security perimeter that prevents unauthorized users from 
accessing any critical cyber-asset, whether they are outside or inside the corporate 
network. 

• Ensure that all electronic cyber-assets are secured via user account management, 
equipment and password management, and secure networking policies. 

• Implement and test a critical cyber-asset recovery plan. 

• Utilities must ensure the physical security of all critical cyber-assets by: 

o Ensuring that there is a physical security perimeter around all critical cyber-assets. 
o Identifying and controlling all physical access points to critical cyber-assets. 
o Maintaining an access log for all critical cyber-assets, via keycards, video or a 
manual log. 

• Everyone who has access to critical cyber-assets, including utility personnel, 
contract workers and vendors, must be trained in cyber-security. 

• Each person who accesses critical cyber-assets, including the utility's personnel, 
contract workers and vendors, must be investigated to assess the risk that he or 
she poses to security. 


PCI - Key IT Requirements Summary 

1. You must have a written security policy. It must be communicated to new employees 
and have management sponsorship, as well as designating contact information for 
hosts and emergencies. 
2. Annual assessments are required. 
3. Quarterly vulnerability scans (annual for level 4 merchants) are required (internal and 
external). 
4. Do not store unnecessary cardholder information. 
5. Do not store authentication information (CVV2, PIN). 
6. Encrypt and obscure card information. 
7. Systems must be hardened to industry standards (SANS, NIST, etc.): 
a) Patch operating systems and software. 
b) Disable unnecessary services. 
c) Change default and vendor passwords and accounts. 
8. Firewalls are required, and there are specific policies required for DMZ-to-internal 
and internal-to-external traffic, with both ingress and egress filters. 
9. Wireless networks must use their highest possible encryption standard (WPA/WPA2; 
WEP has been phased out). 
10. Protocols should be restricted to HTTP, SSL, SSH, and VPN, except as otherwise 
noted and justified in a separate written policy. 
11. Limit and encrypt administrative/console access. 
12. Implement only one function per server (i.e. do not run file service and DNS on the 
same host). 
13. Anti-virus software is required for Windows systems (not required on Unix hosts). 
14. Applications must follow a Secure Development Life Cycle (SDLC) model with 
code review. 
15. Change control is required. 
16. Individual unique accounts with complex passwords are required. 
17. Physical access control is required (cameras, visitor logs, etc.). 
18. System auditing must be maintained (login, logout, system changes, ...) and 
backed up to a centralized log server, with 3 months online and one year offline 
retention. 
19. Penetration testing must be done annually or after significant changes 
(both network and application layer pen testing). 


Short note on SOX 

• SOX applies to all publicly traded companies in the United States. 

• It protects the interests of investors. 

• It is a U.S. law meant to protect investors from fraudulent accounting activities by 
corporations. 

• Sarbanes-Oxley was enacted after several major accounting scandals in the early 
2000s. 

• The law mandates strict reforms to improve financial disclosures from corporations 
and prevent accounting fraud. 

• It also covers issues such as auditor independence, corporate governance, internal 
control assessment, and enhanced financial disclosure. 

• Though Sarbanes-Oxley does not call out any specific IT requirements, the law 
does have a great impact on information systems, and in particular on the security of 
those systems. 

• Also known as the Public Company Accounting Reform and Investor Protection Act. 

• A majority of the regulations apply to auditing, the board of directors, disclosures, 
and improper trading. 

• A number of provisions are also applicable to privately held companies. 

• It contains 11 sections and came in response to financial scandals in companies. 

Short note on GLBA 

• GLBA is also known as the Financial Services Modernization Act of 1999. 

• It applies to the financial services industry (insurance, securities, banking). 

• It is a United States federal law that requires financial institutions to explain how 
they share and protect their customers' private information. 

• To be GLBA compliant, financial institutions must: 
o Communicate to their customers how they share the customers' sensitive data. 
o Inform customers of their right to opt out if they prefer that their personal data 
not be shared with third parties. 
o Apply specific protections to customers' private data in accordance with a 
written information security plan created by the institution. 

• The primary data protection implications of the GLBA are outlined in its Safeguards 
Rule, with additional privacy and security requirements. 

• It requires financial institutions to establish standards for protecting the security, 
integrity and confidentiality of their non-public personal information (NPI). 

• Complying with the GLBA puts financial institutions at lower risk of penalties or 
reputational damage caused by unauthorized sharing or loss of private customer 
data. 

• Privacy and security benefits required by the GLBA Safeguards Rule for customers: 

o Private information must be secured against unauthorized access. 
o Customers must be notified of private information sharing between financial 
institutions and third parties and have the ability to opt out of private information 
sharing. 
o User activity must be tracked, including any attempts to access protected records. 

• Compliance with the GLBA protects consumer and customer records and will 
therefore help to build and strengthen consumer reliability and trust. 

• Customers gain assurance that their information will be kept secure by the 
institution. 

• Safety and security cultivate customer loyalty, resulting in a boost in reputation, 
repeat business, and other benefits for financial institutions. 
Short note on HIPAA 

• The Health Insurance Portability and Accountability Act (HIPAA) is an act created by 
the U.S. Congress in 1996. 

• It amends both the Employee Retirement Income Security Act (ERISA) and the 
Public Health Service Act (PHSA). 

• HIPAA is a federal law that required the creation of national standards to protect 
sensitive patient health information from being disclosed without the patient's 
consent or knowledge. 

• HIPAA was enacted in an effort to protect individuals covered by health insurance 
and to set standards for the storage and privacy of personal medical data. 

• HIPAA applies to healthcare, medical records, insurance, and other medical-related 
businesses. 

• Organizations explicitly covered by HIPAA include: 
o Health Care Providers 
o Health Plans 
o Health Clearinghouses 
o Medicare Prescription Drug Card Sponsors 

• It ensures that individual health-care plans are accessible, portable and renewable. 

• It sets the standards and the methods for how medical data is shared across the 
U.S. health system in order to prevent fraud. 

• HIPAA also has an administrative simplification provision, which is aimed at 
increasing efficiency and reducing administrative costs by establishing national 
standards. 


Short note on ISO 

• ISO standards are applied to multinational companies. 

• It is a family of information security management system (ISMS) standards called 
the ISO/IEC 27000 series. 

• It comprises information security standards published jointly by the International 
Organization for Standardization and the International Electrotechnical Commission. 

• The latest version of ISO/IEC 27000 is 27000:2018. It provides an overview of 
information security management systems (ISMS) along with the terms and 
definitions commonly used in the ISMS family of standards. 

• It was originally published in 1995, written by the British Standards Institute (BSI). 

• It could be about making a product, managing a process, delivering a service or 
supplying materials: standards cover a huge range of activities. 

• ISO 27000 has 3 parts: 
o Code of Practice - guidelines for security management 
o Specification with guidance for use - Audit Controls 
o Risk analysis and management 

• 27001 focuses on building the foundation and designing the framework of 
information security in an organization. 

• 27002 is used to implement the security controls defined in the annex of ISO 27001. 

• Registering certifies a company for 3 years (requires annual external review). 


Short note on FISMA 

• FISMA came into existence in 2002. 

• The National Institute of Standards and Technology (NIST), which sits under the 
Department of Commerce, is responsible for writing and issuing the standard rules. 

• FISMA applies to governmental agencies, governmental contractors and 
telecommunications providers who provide services related to national security. 

• It also applies to Federal agencies, contractors, and any other company or 
organization that uses or operates an information system on behalf of a federal 
agency. 

• FISMA discusses a pyramid of goals based on Availability, Integrity and 
Confidentiality in order to provide security. 
Short note on NERC 

• NERC is a not-for-profit international regulatory authority whose mission is to assure 
the reliability and security of the bulk power system in North America. 

• NERC applies to companies that generate, provide, or transmit energy. 

• NERC is subject to Federal Energy Regulatory Commission (FERC) mandates and 
control. 

• The NRC (Nuclear Regulatory Commission) is a related commission for nuclear 
power. 

• The primary focus of NERC is to provide standards for supervisory control and data 
acquisition (SCADA) devices and networks. 

• NERC: 
o develops and enforces Reliability Standards; 
o annually assesses seasonal and long-term reliability; 
o monitors the bulk power system through system awareness; 
o educates, trains, and certifies industry personnel. 

• The main IT-related issue addressed in NERC is the requirement to monitor log 
devices with no gap exceeding 7 days. 
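One way to implement that last monitoring requirement, as an added example that is not NERC's own material or any product's code: a small Python check that parses a device's log, walks the timestamps in order and reports every silence longer than 7 days, including the open silence between the last entry and the time of the check (a device that simply stopped logging must be flagged too). The log lines, the device name and the function names are constructed for the illustration; what counts as a "gap" here (no entry at all from the device) is an assumption.

```python
from datetime import datetime, timedelta

MAX_GAP = timedelta(days=7)  # the "no gap exceeding 7 days" threshold from the notes

# Constructed sample log for one device (not real NERC data); each line starts
# with an ISO-8601 timestamp followed by the device name and the event.
SAMPLE_LOG = """\
2024-01-01T00:00:00 relay-01 login ok user=ops
2024-01-04T12:00:00 relay-01 config change
2024-01-15T08:30:00 relay-01 login ok user=ops
2024-01-16T09:00:00 relay-01 logout user=ops
"""


def parse_timestamps(log_text: str) -> list:
    """Pull the leading timestamp from every non-empty line, sorted oldest first."""
    stamps = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamps.append(datetime.fromisoformat(line.split(" ", 1)[0]))
    return sorted(stamps)


def find_gaps(stamps: list, max_gap: timedelta = MAX_GAP) -> list:
    """Return (start, end, length) for each pair of consecutive entries spaced
    further apart than max_gap; an empty list means the requirement held."""
    return [
        (earlier, later, later - earlier)
        for earlier, later in zip(stamps, stamps[1:])
        if later - earlier > max_gap
    ]


def check_device_log(log_text: str, now=None, max_gap: timedelta = MAX_GAP) -> list:
    """Gaps inside the log plus, when `now` (datetime or ISO string) is given,
    the open gap from the last entry up to the moment of the check."""
    stamps = parse_timestamps(log_text)
    gaps = find_gaps(stamps, max_gap)
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    if now is not None and stamps and now - stamps[-1] > max_gap:
        gaps.append((stamps[-1], now, now - stamps[-1]))
    return gaps


if __name__ == "__main__":
    for start, end, length in check_device_log(SAMPLE_LOG, now="2024-02-01T00:00:00"):
        print(f"GAP of {length} between {start:%Y-%m-%d %H:%M} and {end:%Y-%m-%d %H:%M}")
```

Run against the sample, the check reports the ten-day silence between 4 and 15 January and, because the check time is 1 February, a second open gap after the final entry on 16 January; a device that logs regularly produces an empty list.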


Short note on PCI 

• PCI is an independent organization that sets standards for credit card processors 
and merchants. 

• It applies to merchants and processors of Visa, Mastercard, American Express, 
Diners Club International, or JCB (an Asian-based credit card) transactions. 

• PCI specifies different merchant levels from 1-4 (1 being the highest), based on the 
number of transactions per year, and has increased security requirements at each 
higher level. 

• PCI specifies security standards for “Any system that stores, processes, or 
transmits cardholder data”. 

• Unlike SOX and GLBA, the PCI standard is quite straightforward and IT-specific. 